hitman6003

[quote]not true with my database[/quote] You probably have magic_quotes_gpc turned on, and ken probably does not, which is a function of php not the database.

[quote]1-way hash encrpytion[/quote] You answered your own question...1-way means it can't be unencrypted...you can only encrypt a string with the same method and see if they match.

Look at your query: [code]SELECT users.usr_fname FROM users WHERE name LIKE '%".$name."%'[code] Do you have a column named "name"?  Apparently you don't (from the error), so you are probably wanting that to be: [code]SELECT users.usr_fname FROM users WHERE usr_fname LIKE '%".$name."%'[code][/code][/code][/code][/code]

you will have to change their password to something that is known, then set it to the new value (encrypted) in the database, then email the user thier new password.

In this line: [code]$ar = array( 0 => 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, a, b, c, d, e, f);[/code] you need to put the letters in quotes. You are using += when you should be using .= .  += will add the value of two numbers together... [code]$a = 1; $b = 2; $a += $b; echo $a; //results in 3;[/code] The .= operator will concatenate two strings.

It would appear to be an error in the templating system.  It isn't doing the regular expression match/replace correctly.  You may want to reference the template creator's website and documentation.

it means that you are referencing a variable that doesn't exist.  It should be just a warning and not an error that would cause the script to stop running.

Change your query to: [code]$sql[addpost] = mysql_query("INSERT INTO guestbook (name, email, message, date) VALUES ('$_POST[name]','$_POST[email]','$_POST[message]'," . time() . ")") or die(mysql_error());[/code] Or if you want to use mysql's date and time functions, look here: http://dev.mysql.com/doc/refman/5.0/en/date-and-time-functions.html

First, why? Second, use the "-f simulatedfrom@address.com" as the fourth arguement to the mail function.  For some mail clients/mail hosts this will cause the sender to show up as "sent by ... on behalf of ..." but, it's the only way I can think of off hand.

change: [code]$sql[addpost] = mysql_query("INSERT INTO guestbook (name, email, message, date) VALUES ('$_POST[name]','$_POST[email]','$_POST[message]',time())");[/code] to: [code]$sql[addpost] = mysql_query("INSERT INTO guestbook (name, email, message, date) VALUES ('$_POST[name]','$_POST[email]','$_POST[message]',time())") or die(mysql_error());[/code] Then see if you are getting any errors.

You can't pass an array to preg_match: [code]preg_match("#$read_extensions$#", $_FILES['file']['name'])[/code] Why not use strpos (http://www.php.net/strpos) to do what you want? [code]if (strpos($_FILES['file']['name'], $read_extensions)) {...[/code]

[code]$text = "Hello my name is jason"; $t = explode(" ", $text); $n = count($t); $t[$n-1] = '<span style="color: blue;">' . $t[$n-1] . '</span>'; echo implode(".", $t);[/code]

Building off of redarrow, you could also do: [code]$text = "Hello my name is jason"; echo str_replace(" ", ".", $text);[/code]

It means that your smtp server wants you to either A) authenticate or B) supply a valid email address

use explode to seperate each word, then implode to join them by a new seperator: [code]$text = "Hello my name is jason"; $t = explode(" ", $text); echo implode(".", $t);[/code]

As taken from the php manual (http://us3.php.net/manual/en/features.file-upload.php): [quote]Example 38-1. File Upload Form A file upload screen can be built by creating a special form which looks something like this: <!-- The data encoding type, enctype, MUST be specified as below --> <form enctype="multipart/form-data" action="__URL__" method="POST">     <!-- MAX_FILE_SIZE must precede the file input field -->     <input type="hidden" name="MAX_FILE_SIZE" value="30000" />     <!-- Name of input element determines name in $_FILES array -->     Send this file: <input name="userfile" type="file" />     <input type="submit" value="Send File" /> </form> The __URL__ in the above example should be replaced, and point to a PHP file. [/quote] Put the entype="multipart/form-data" in your opening form tag.

Make sure that you are extracting all of the variables from $_SESSION by doing the: [code]$aloan1 = $_SESSION['aloan1'];[/code] for each one. You can also use extract (http://www.php.net/extract) to quickly do that for all of them.

Cast the field to int would be my recommendation.  I haven't done it before, but it should work. [code]SELECT field FROM table ORDER BY CAST(field AS INT) ASC[/code] http://dev.mysql.com/doc/refman/5.1/en/cast-functions.html Here's a google result that you may want to try: http://blog.feedmarker.com/2006/02/01/how-to-do-natural-alpha-numeric-sort-in-mysql/

I don't think there is a limit to the number of elements in the array, but I could be wrong...I've seen tables with 50+ fields that have been pulled just fine. Make sure that you are using mysql_error() to get any errors that occur.  The mysql_query associated with the loop that generally gives you a problem should give you the error.  Usually the error you get occurs when there is no mysql connection. Also, why not just use phpMyAdmin to do this for you?  Or even MySQL's own MySQL Administrator?

The simplest method is probably to use a captcha.  Captchas are those images that have distorted letters and numbers in them where the user is required to enter in the text to continue.  This forces an actual person to be doing the posting, which should eliminate most of your spamming. Edit:  mmosel beat me to it

[quote]Ive heard if I dont include the URL it will be exploitable?[/quote] No more than using this method to display page content ever is.  Just make sure you do some sort of check to make sure that the only input it will accept is what you want it to be. Remove the http://www.pspbrew.net from the define statement and it should work.

[quote]remote_file     The remote file path. local_file     The local file path. [/quote] When you execute the command you put 'local_file' on the server as 'remote_file'.  In other words, remote_file doesn't have to exist, when the command is executed it copies local_file to the server as remote_file, even if the file names differ.

remove all of the calls to variables by reference in your code. Or, use ini_set to change the value of allow_call_time_pass_reference to true at the top of your page...however, that should not be a permanent solution, as the error states that it might not be supported in the future.

Stupid question, but is the "webserver" and the computer you are executing the code from the command line the same computer?

Not really sure what your trying to accomplish here...what you're asking and what your code does are not really the same. I did clean it up some for you: [code]switch ($_GET['page']){ default: case "home": $sql = "SELECT * FROM `news` order by `id` DESC LIMIT 3"; $result = mysql_query($sql) or die(mysql_error()); while ($text = mysql_Fetch_array($result)) { $id = $text['id']; $title = $text['title']; $date = $text['date']; $author = $text['author']; $content = $text['content']; echo ' <table border="0" cellpadding="0" cellspacing="0"> <tr> <td background="images/news_1.jpg" height="19" align="left" valign="bottom" width="652">'. $title .'</td> </tr> <tr> <td align="left" background="images/news_2.jpg">'. $content .'</td> </tr> <tr> <td background="images/news_3.jpg" height="17"></td> </tr> </table> <table border="0" cellpadding="0" cellspacing="0"> <tr> <td background="images/news_4.jpg" height="19" align="left" valign="bottom" width="652">'. $title .'</td> </tr> <tr> <td align="left" background="images/news_2.jpg">'. $content .'</td> </tr> <tr> <td><img src="images/news_6.jpg" width="652" height="17" alt=""></td> </tr> </table>'; } break; }[/code]